Will your computer's "Secure Boot" turn out to be "Restricted Boot"?

To respect user freedom and truly protect user security, computer makers must either provide users a way of disabling boot restrictions, or provide a sure-fire way that allows the computer user to install a free software operating system of her choice.

Microsoft has announced that if computer makers wish to distribute machines with the Windows 8 compatibility logo, they will have to implement a measure called "Secure Boot." However, it is currently up for grabs whether this technology will live up to its name, or will instead earn the name Restricted Boot.

When done correctly, "Secure Boot" is designed to protect against
malware by preventing computers from loading unauthorized binary
programs when booting. In practice, this means that computers
implementing it won't boot unauthorized operating systems -- including
initially authorized systems that have been modified without being
re-approved.

This could be a feature deserving of the name, as long as the user
is able to authorize the programs she wants to use, so she can run
free software written and modified by herself or people she trusts.
However, we are concerned that Microsoft and hardware manufacturers
will implement these boot restrictions in a way that will prevent
users from booting anything other than Windows. In this case, a better
name for the technology might be Restricted Boot, since such a
requirement would be a disastrous restriction on computer users and
not a security feature at all.

The potential Restricted Boot requirement comes as part of a
specification called the Unified Extensible Firmware Interface
(UEFI), which defines an interface between
computer hardware and the software it runs. It is software that allows
your computer to boot, and it is intended to replace the traditional
BIOS. Most Lenovo, HP, and Dell computers ship with UEFI, and other
manufacturers are not far behind. All Apple computers ship with EFI and
components from UEFI. When booting, this software starts a chain of
checks which, using public-key cryptography (digital signatures), can
verify your operating system's kernel and other components to make
sure they have not been modified in unauthorized ways. If a component
fails the check, the computer won't boot.
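As an added illustration that is not part of this page, the following Go program models the chain just described with Ed25519 signatures: a firmware whose trusted-key list (the UEFI "db") holds only a vendor key, a free operating system whose stages the owner signed herself, and the difference between a firmware that lets her enroll her key or switch enforcement off and one that does not. The Image, Firmware, Sign, Enroll and Boot names and every key are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Image is one boot stage (bootloader, kernel, ...) plus its signature.
type Image struct{ Name string; Body, Sig []byte }
// Firmware holds the policy: whether checks are enforced, and which signer
// keys are trusted (the UEFI "db" variable).
type Firmware struct{ Enforce bool; DB []ed25519.PublicKey }
// Sign produces a signed stage, as an OS vendor or the owner herself would.
func Sign(priv ed25519.PrivateKey, name string, body []byte) Image {
	return Image{Name: name, Body: body, Sig: ed25519.Sign(priv, body)}
}

// Enroll adds a key the owner chose to trust; a Restricted Boot firmware
// offers the owner neither this operation nor a way to clear Enforce.
func (f *Firmware) Enroll(pk ed25519.PublicKey) { f.DB = append(f.DB, pk) }

// Boot verifies each stage against db before it would run; it returns how
// many stages were allowed and the refusal that halted the machine, if any.
func (f *Firmware) Boot(chain []Image) (int, error) {
stage:
	for i, img := range chain {
		for _, pk := range f.DB {
			if ed25519.Verify(pk, img.Body, img.Sig) {
				continue stage
			}
		}
		if f.Enforce {
			return i, fmt.Errorf("%s: not signed by a trusted key", img.Name)
		}
	}
	return len(chain), nil
}

func main() {
	vendorPub, _, _ := ed25519.GenerateKey(rand.Reader) // constructed keys
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	fw := &Firmware{Enforce: true, DB: []ed25519.PublicKey{vendorPub}}
	chain := []Image{Sign(userPriv, "grub", []byte("grub")), Sign(userPriv, "linux", []byte("vmlinuz"))}
	fmt.Println(fw.Boot(chain)) // 0 grub: not signed by a trusted key
	fw.Enroll(userPub) // the owner authorizes her own key
	fmt.Println(fw.Boot(chain)) // 2 <nil>
	chain[1].Body = append(chain[1].Body, '!') // kernel modified, not re-signed
	fmt.Println(fw.Boot(chain)) // 1 linux: not signed by a trusted key
}
```

The last run shows the behaviour the text describes for an initially authorized system that was modified without being re-approved: the bootloader still passes, the altered kernel halts the boot.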

The threat lies not in the UEFI specification itself, but in how computer
manufacturers choose to implement the boot restrictions. Depending on a
manufacturer's implementation, they could lock users out of their own
computers, preventing them from ever booting into or installing a free
software operating system.

It is essential that manufacturers get their implementation of UEFI
right. To respect user freedom and truly protect user security, they
must either provide users a way of disabling the boot restrictions, or
provide a sure-fire way that allows the computer user to install a
free software operating system of her choice. Computer users must
not be required to seek external authorization to exercise their
freedoms. Further, users must be able to replace the bootloader and firmware altogether. The coreboot project is an example of a free software alternative to proprietary BIOS and bootloaders.

The alternative is frightening and unacceptable: users would have to
go through complicated and risky measures to circumvent the
restrictions; the popular trend of reviving old hardware with
GNU/Linux would come to an end, causing more hardware to be tossed in
landfills; and proprietary operating system companies would gain a
giant advantage over the free software movement, because of their
connections with manufacturers.

We will be monitoring developments in this area closely, and actively
campaigning to make sure this important freedom is protected. Our
first step is to demonstrate that people value this freedom, and will
not purchase or recommend computers that attempt to restrict it.

Learn more about Windows 8, UEFI, and boot restrictions

Resources

News and Blogs

UEFI secure booting, by
Matthew Garrett; in addition to providing a brief overview of
Restricted Boot, this article explains specifically why
dual-booting an operating system may be difficult, or at times
virtually impossible, for systems implementing and using Restricted
Boot.

Trusted Computing 2.0, by Ross Anderson of the Security Research, Computer Laboratory, University of Cambridge.